Help with loopback policy

B

Brian Anderson

I have a win2k terminal server I have a few specific settings on,
namely, removing shut down from the start menu, adding log off, and
making the C:\ drive inaccessible on the machine. I have two remote
stores that are dependent on terminal services, as well as a few local
users who use terminal services for various reasons. So what I think I
need is a loopback policy on the terminal server to make sure any local
user who logs on has the shut down removed from the start on the
terminal server, but when on their local machine shut down is present.
I think this is the "replace" option. Question is, how do I set this
up so my user has the shut down option when logged on? I want to be
able to remotely control and shut down/reboot the machine if necessary.
If I'm using the GPMC, do I place my user name in the Delegation Tab >
Advanced button > Security setting with a deny to "apply Group Policy"?

Also, if the Terminal Server is in its own OU, all GPO's with user
configuration settings in that OU are applied via the loopback policy,
correct?

Thanks!
Brian
 
F

Florian Frommherz

Howdy Brian!

Brian said:
So what I think I
need is a loopback policy on the terminal server to make sure any local
user who logs on has the shut down removed from the start on the
terminal server, but when on their local machine shut down is present.
I think this is the "replace" option. Question is, how do I set this
up so my user has the shut down option when logged on? I want to be
able to remotely control and shut down/reboot the machine if necessary.
If I'm using the GPMC, do I place my user name in the Delegation Tab >
Advanced button > Security setting with a deny to "apply Group Policy"?
Click to expand...

Yes, I'd do so. Or a little better: create an Active Directory Group
called "Terminal Servers Administrators" or something similar to that
and deny this group "Apply Group Policy" rights. Makes things easier if
you searched for the reason why the policy doesn't apply to some accounts...
Also, if the Terminal Server is in its own OU, all GPO's with user
configuration settings in that OU are applied via the loopback policy,
correct?
Click to expand...

Yes - if Loopback is enabled.

cheers,

Florian
 
B

Brian Anderson

Thanks Florian!

Looks like there was a Terminal Services Admin group I didn't know
about, so I added myself to the group, set the loopback and it looks
like it works.

Thanks for the help!
Brian
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

OU-based Group Policy not applying when logging onto Terminal Serv 1
Loopback policy question 1
GPO IE Zone Mapping issue on TS 2
Stop policy applying to Administrator when using Loopback 4
Loopback replace mode 3
GPO on Terminal Server 1
Loopback Processing and Deny Apply in ACL 5
Group Policy for Terminal Server not working 2

Top